# IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 148.113.128.234/32
Report Date: Current
Classification: Moderate Risk - Cloud Infrastructure
---
## EXECUTIVE SUMMARY
IP address 148.113.128.234 is a cloud-compute endpoint hosted on OVH infrastructure (ASN 16276) with a moderate risk profile (score: 40). The IP resolves to proxy hostname proxy-ca014-san234.ahrefs.net, indicating Ahrefs search engine marketing infrastructure. The subnet demonstrates elevated abuse density (0.6758) with 173 of 256 sibling IPs classified as threats. No direct threat indicators detected, but neighborhood context warrants defensive posture.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | Dmytro, Ahrefs Pte Ltd |
| Network Name | OVH-CUST-281059693 |
| RIR | ARIN |
| CIDR Block | 148.113.128.0/24 |
| Infrastructure Type | CloudCompute |
| Hosting Status | Yes |
| CDN/VPN/Proxy | No |
Geolocation: Country code CA (Canada) reported, with coordinates showing Singapore (56.13, -106.35); geo-inconsistency noted with 3000km accuracy radius.
---
## THREAT ASSESSMENT
Risk Score: 40/100 (Moderate Risk)
Direct Threat Indicators:
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
Control Plane Analysis:
- BGP Prefix: 148.113.128.0/17
- Route Stability: False (changes observed in 30-day window)
- DNSSEC Valid: Yes
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 148.113.128.0/24
Abuse Density: 0.6758 (High Abuse)
Classification: High Abuse
| Metric | Value |
|---|---|
| Total Siblings | 256 |
| Active Siblings | 208 |
| Threat Siblings | 173 |
| Inherited Risk | 27 |
| Neighbor Sample Risk Distribution | 0 High / 100 Medium / 0 Low |
Sample Neighbor Risk Scores: 148.113.128.0-148.113.128.5 all show riskScore: 40, authorityScore: 50
---
## OBSERVATION HISTORY
Total Observations: 23 signals
Recent Activity:
- 2026-06-28: Operator score 0.1, confidence 0.30
- 2026-06-28: Abuse density signal 0.6758, confidence 0.22
- 2026-06-19: Subnet abuse classification "high_abuse", confidence 0.75
Temporal Indicators:
- Threat Persistence Days: 0
- Is Persistently Malicious: False
- Ownership Changes: 0
- Threat Observation Count: 1
---
## DNS & SERVICE ANALYSIS
PTR Record: proxy-ca014-san234.ahrefs.net
Forward Resolution: proxy-ca014-san234.ahrefs.net
Forward Confirmed: No
Hosted Domain Count: 0
Open Ports: None detected
TLS Certificates: 0
HTTP Services: None detected (Firewalled / No Services)
Email Authentication:
- SPF: Not configured
- DMARC: Not configured
- TXT Records: 0
---
## RELATIONSHIP GRAPH
Total Relationships: 54
Primary Relationship Type: Same Network (OVH-CUST-281059693)
Network Links: 49+ duplicate same-network references
---
## RECOMMENDED ACTIONS
Risk Score: 40; no specific action recommendations generated (probabilistic assessment suggests monitoring)
Available Firewall Rules:
- iptables: `iptables -A INPUT -s 148.113.128.234 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 148.113.128.234 drop`
- nginx: `deny 148.113.128.234;`
- pfSense: `148.113.128.234/32`
- Cloudflare WAF: Block with expression `ip.src eq 148.113.128.234`
- AWS WAF: Address `148.113.128.234/32` with description "IPDebrief risk 40"
---
## SOC ANALYST NOTES
Key Indicators:
1. Ahrefs proxy infrastructure in OVH cloud hosting
2. High-abuse subnet environment (173/256 threat siblings)
3. No direct malicious indicators but elevated neighborhood risk
4. DNSSEC valid with RPKI state unavailable
5. Route instability detected in 30-day window
Recommendation: Monitor rather than block. The IP serves legitimate Ahrefs functionality but operates within a high-abuse subnet. Consider subnet-level monitoring for 148.113.128.0/24 and correlate with threat intelligence feeds for specific malicious activity patterns.
Confidence Level: Moderate, based on neighborhood context and infrastructure classification rather than direct threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059693 |
| CIDR Block | 148.113.128.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Not available |
---
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | proxy-ca014-san234.ahrefs.net |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | proxy-ca014-san234.ahrefs.net |
---
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
---
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
---
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
---
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 30% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-14 23:34:49 UTC |
| Last Seen | 2026-06-28 01:38:42 UTC |
| Profile Built | 2026-06-29 01:46:05 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |